In 2005, Sony added "rootkit" to the vocabulary of computer users across the world when it added hidden copy protection software to its music CDs. Two years later, history seems to be repeating itself.
What's a rootkit? In case you slept through the Sony music CD debacle, a rootkit is a program that hides its presence from normal operating system interfaces. A Windows rootkit, for example, will not show up in Windows Explorer. Depending upon its design, a rootkit can hide files and folders, registry keys, or other system components.
Rootkits can be used in a variety of ways: Sony used two different rootkits to prevent copying of music CDs by computer users in 2005, while other rootkits have been used to run security programs, run malware to attack systems, and so forth. While some users will object to any rootkit, no matter its purpose, others will be more concerned if the rootkit makes it easy for others to attack your PC.
Sony's 2005 rootkits provided a vivid demonstration of everything a company that uses rootkit technology can do wrong:
Sony eventually wound up recalling over 100 music CD titles that used the rootkits and shelled out millions of dollars in settlements.
Monday , anti-malware vendor F-Secure announced that Sony's MicroVault USM-F line of USB flash drives with onboard fingerprint readers create a folder invisible to Windows that is used for the fingerprint reader's software and data files. While this method helps protect the reader from tampering, F-Secure points out that the hidden folder can also be accessed from the command prompt, can be used to store additional files, and could be exploited by hackers as a location for storing malware. In other words, whether Sony intended it or not, the MicroVault fingerprint readers install a rootkit on your PC that can be exploited as a security risk.
However, in a follow-up analysis two days later, F-Secure also points out that Sony has learned a few things from its 2005 fiasco:
Unfortunately, the driver can be used to hide any (!) folder ( McAfee's AVERT Labs used it to hide the Windows folder and all subfolders ). How long will it be before some malware writer comes up with a nasty piece of "ransomware" to take advantage of this 'feature?'
Right now, the way that some rootkits are designed and used by legitimate companies makes it easy for the bad guys to abuse a rootkit by using it to attack users' computers - and users who don't know about a particular rootkit (and don't use anti-rootkit programs) are sitting ducks. Here's my modest proposal to set up a "Bill of Rootkit Rights" for PC users:
Sony's Micro Vault driver quite clearly fails to meet most of these proposed rules - especially the last one.
Some may argue that this level of disclosure would harm the effectiveness of a rootkit designed to perform legitimate tasks. I disagree: right now, the bad guys know about what rootkits can do - and all I'm advocating is the same level of knowledge for legitimate users. Nobody wants to install a program that can be turned into a weapon against their system or their information.
Discover what features are great, what works, and what needs work in Windows Vista with Mark's new book Maximum PC Microsoft Windows Vista Exposed . It's now available at Amazon.com and other fine bookstores.